Crypto phishing attacks linked to wallet drainers declined sharply in 2025, with total losses dropping to $83.85 million, an 83% fall from nearly $494 million recorded the year before. Key Takeaways: Wallet drainer phishing losses fell 83% in 2025, but attackers remain active and adaptive. Phishing spikes tracked market rallies, with Ethereum’s Q3 surge driving the year’s highest losses. Permit-based approvals and new EIP-7702 exploits remain key risks for users. The number of affected users also fell to about 106,000, marking a 68% year-over-year decrease, according to a new report from Web3 security platform Scam Sniffer . The findings point to a significant slowdown in one of crypto’s most persistent threats, with fewer victims and smaller aggregate losses, even as attackers continue to refine their methods. Crypto Phishing Losses Spike During Market Rallies, Report Warns Despite the steep decline, the report cautioned that phishing activity has not disappeared. Instead, losses tracked closely with broader market cycles. Periods of heightened onchain activity were followed by spikes in phishing incidents, while quieter markets saw losses ease. The third quarter of 2025, which coincided with Ethereum’s strongest rally of the year, recorded the highest losses at $31 million. August and September alone accounted for nearly 29% of total annual losses. Scam Sniffer described phishing as a “probability function of user activity,” noting that higher transaction volumes tend to increase the pool of potential victims. Monthly losses ranged from just $2.04 million in December, the calmest month, to $12.17 million in August, when trading activity peaked. Scam Sniffer 2025 Report is out! Crypto phishing losses dropped 83% — $494M → $83.85M, with 106K victims (-68%). But the threat followed the market: Q3 rally = highest losses. EIP-7702 exploitation emerged post-Pectra. Full report https://t.co/qziSEjiEVx — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 3, 2026 The largest single incident of the year involved a $6.5 million theft in September tied to a malicious Permit signature. Permit and Permit2 approvals remained the most effective tools for attackers, accounting for 38% of losses in cases exceeding $1 million. The data suggests that approval-based exploits continue to pose a major risk, particularly for users interacting with unfamiliar applications. The report also highlighted the emergence of new attack vectors. Following Ethereum’s Pectra upgrade, attackers began abusing EIP-7702–based malicious signatures, which enable multiple harmful actions to be bundled into a single user approval. Two such incidents in August resulted in $2.54 million in losses, underscoring how quickly attackers adapt to protocol changes. Crypto Phishers Shift From Big Heists to Mass Retail Attacks Large-scale attacks became less frequent, with only 11 cases above $1 million in 2025, down from 30 the previous year. At the same time, attackers appeared to shift toward lower-value, higher-volume campaigns. The average loss per victim fell to $790, pointing to a broader focus on retail users rather than isolated, high-profile thefts. As reported, an attacker has siphoned funds from hundreds of crypto wallets across Ethereum Virtual Machine (EVM)–compatible networks, draining small amounts from each address in what onchain investigator ZachXBT described as a broad, low-value operation. While individual losses were limited, typically under $2,000 per wallet, the incident’s scope points to a coordinated campaign rather than an isolated breach. Meanwhile, crypto-related losses from hacks and cybersecurity exploits fell sharply in December , dropping 60% month-on-month to about $76 million. The post Wallet Drainer Phishing Losses Fall to $84M in 2025, Down 83% appeared first on Cryptonews .
